Ransomware
May 2, 2026
‼️ New Ransomware Group and IP Leak: CMD Organization Clearnet: cmdofficial[.]com IP: 209[.]99[....
New ransomware group CMD Organization surfaces with clearnet and onion infrastructure.
Summary
A previously unknown ransomware group called CMD Organization has been identified operating infrastructure across clearnet and dark web platforms. The group's primary domain cmdofficial[.]com and associated IP address 209.99.186.211 have been exposed, along with an onion service URL. This appears to be an early-stage threat actor with limited public activity.
Indicators of Compromise
- domain — cmdofficial.com
- ip — 209.99.186.211
- domain — cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd.onion
Entities
CMD Organization (threat_actor)